DaemonForums  

Go Back   DaemonForums > OpenBSD > OpenBSD General

OpenBSD General Other questions regarding OpenBSD which do not fit in any of the categories below.

 
 
Thread Tools Display Modes
Prev Previous Post   Next Post Next
  #1   (View Single Post)  
Old 25th July 2015
Peter_APIIT Peter_APIIT is offline
Shell Scout
 
Join Date: Jun 2008
Posts: 118
Default My OpenBSD machine was hacked

Dear All,

First of all, thanks for reading this thread. I would like to tell you all that my OpenBSD 5.7 was hacked recently.

I have little knowledge about networking and thus I have no idea how the hacker able to hack the machine.

My firewall script was not loaded at run time where the hacker firewall rules was loaded at run time. The hacker is able to upload his script to my OpenBSD machine and edited my machine.

This was verfied using pfctl -sr command.
I did not change the kernel security level to 2 (My mistake).
I'm following the good practices of a OpenBSD firewall configuration rules

/etc/pf.conf
Quote:
ext_if="fxp0"
int_if="vr0"

allowPort="{53, 80, 443}"
netbios="{137,138,139,445}"

set block-policy drop
set state-policy floating

match on pppoe0 scrub (reassemble tcp,random-id,no-df,max-mss 1440, min-ttl 64)
match out on pppoe0 inet from !(egress:network) to any nat-to (pppoe:0)

antispoof log for {$ext_if, $int_if}

block in log from {urpf-failed no-route} to any
block drop log
block in log quick on {$ext_if, $int_if} proto {tcp, udp} from any to any port $netbios

pass out on pppoe0 inet proto {tcp, udp, icmp}
pass out log on {$ext_if, $int_if} inet proto {tcp, udp} from any port $allowPort to any
pass out proto icmp icmp-type echoreq

pass in log in $int_if inet proto {tcp, udp, icmp}
No P2P network
No ssh
No telnet
No dangerous old protocol services running

My Suspection:
ARP attack (What are the good software to protect 3 kinds of ARP attack?)
STP
SLP
Hacking was did by my ISP.
There is pf carp protocol running after the hacked (LAN Attack)

Can broadcast or multicast protocol at the same subnet uses to attack the OpenBSD machine?

I could upload the whole OS file to here for inspection. Please tell me how to do it. Thanks.

Last edited by Peter_APIIT; 25th July 2015 at 02:37 PM.
Reply With Quote
 

Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off

Forum Jump

Similar Threads
Thread Thread Starter Forum Replies Last Post
LastPass hacked rocket357 News 0 16th June 2015 09:50 PM
Million$ hacked from Banks shep News 0 14th February 2015 06:19 PM
Create OpenBSD guest for Linux KVM (Kernel-based Virtual Machine) with 'virt-install' J65nko Guides 4 11th December 2014 04:30 AM
Security NBC.com hacked and served up malware J65nko News 0 22nd February 2013 08:22 PM
Am I being hacked? newbsdied OpenBSD Security 14 6th November 2010 10:41 PM


All times are GMT. The time now is 01:45 AM.


Powered by vBulletin® Version 3.8.4
Copyright ©2000 - 2018, Jelsoft Enterprises Ltd.
Content copyright © 2007-2010, the authors
Daemon image copyright ©1988, Marshall Kirk McKusick